<%if request("action")="Input" then
call Input()
end if
code=request("code")
select case code
case "Inputed"
username = replace(trim(request("username")),"'","")
set rschkuser = server.CreateObject("adodb.recordset")
rschkuser.open "select * from userinfo where username='"&username&"'",conn,1,3
if rschkuser.eof and rschkuser.bof then
response.Write("")
else
call Answer()
session("userid")=rschkuser("id")
end if
case "Answered"
Answered = Replace(Trim(Request("Answer")),"'","")
Answered = md5(Answered,16)
set rschkAns = server.CreateObject("adodb.recordset")
rschkAns.open "select * from userinfo where id="&session("userid")&" and answer='"&Answered&"'",conn,1,1
if rschkAns.eof and rschkAns.bof then
response.Write("")
else
call changepws
end if
case "changepws"
password = Replace(trim(request("password")),"'","")
repassword = Replace(trim(request("repassword")),"'","")
if password = "" then
response.Write("")
response.end
end if
if password <> repassword then
response.Write("")
response.end
else
if len(password)<6 then
response.Write("")
else
password=md5(password,16)
set rschangepws=server.CreateObject("adodb.recordset")
rschangepws.open "select * from userinfo where id="&session("userid"),conn,1,3
rschangepws("password") = password
rschangepws.update
response.Write("")
session("userid")=""
rschangepws.close
set rschangepws = nothing
end if
end if
end select
sub Input()%>
